From mboxrd@z Thu Jan  1 00:00:00 1970
From: Sting Zax <zstingx@gmail.com>
Subject: Re: frontend and backend devices and different types of
	hw - pci for example
Date: Mon, 29 Aug 2005 02:57:07 -0400
Message-ID: <3a0f1c62050828235727cd55fa@mail.gmail.com>
References: <3a0f1c6205082800287beb089@mail.gmail.com>
	<200508281625.09980.mark.williamson@cl.cam.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <200508281625.09980.mark.williamson@cl.cam.ac.uk>
Content-Disposition: inline
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Mark Williamson <mark.williamson@cl.cam.ac.uk>
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Hello,=20

 I had looked at the code of 2.0.*  under xen/arch/x86 saw=20
pci-irq.c and pci-pc.c and pci-x86.c which as I understand handle pci devic=
es=20
other than net/usb.
However, I did not saw such modules in the unstable version.=20
May I ask : is this PCI support for non net/usb PCI devices  removed
(or temporarily removed) from the unstable version? or maybe I simply
missed it ?


>Note that giving direct physical access to a PCI device has security
>implications since the guest can potentially use the cards' DMA capabiliti=
es
>to access all of physical memory. =20

Will IOMMU support help solving this security problems ?=20


Regards,
Sting

On 8/28/05, Mark Williamson <mark.williamson@cl.cam.ac.uk> wrote:
> > What about other devices ? let's say a PCI sound card (or any other PCI
> > device). Where is the software that should handle it ? I remember I saw
> > somewhere some discussion about PCI configuration space, but I don't
> > remember where.
>=20
> That code is in Xen itself in Xen 2.0.  Xen controls access to the PCI
> configuration spaces so that guests can only see the devices they have ac=
cess
> to.  It also controls the IO memory / ports that domains are allowed to
> access in order to control PCI devices.
>=20
> Note that giving direct physical access to a PCI device has security
> implications since the guest can potentially use the cards' DMA capabilit=
ies
> to access all of physical memory.  The front/back-style devices do not ha=
ve
> this limitation.
>=20
> Btw, I've laid some groundwork for a virtual sound device but haven't had=
 much
> time to hack on it yet.
>=20
> Cheers,
> Mark
>